@zshuangmu/agenthub 0.4.14 → 0.4.16

package/src/lib/security-scanner.js

@@ -1,233 +1,233 @@
-/**
- * Security Scanner
- * 安全扫描模块
- *
- * 根据 PRD v1.1 安全规范实现
- */
-
-import { readdir, readFile, stat } from "node:fs/promises";
-import path from "node:path";
-
-// 敏感信息模式
-const SENSITIVE_PATTERNS = [
-  { pattern: /sk-[a-zA-Z0-9]{20,}/g, name: "OpenAI API Key", severity: "high" },
-  { pattern: /ghp_[a-zA-Z0-9]{36}/g, name: "GitHub Personal Token", severity: "high" },
-  { pattern: /gho_[a-zA-Z0-9]{36}/g, name: "GitHub OAuth Token", severity: "high" },
-  { pattern: /ghu_[a-zA-Z0-9]{36}/g, name: "GitHub User Token", severity: "high" },
-  { pattern: /ghs_[a-zA-Z0-9]{36}/g, name: "GitHub Server Token", severity: "high" },
-  { pattern: /ghr_[a-zA-Z0-9]{36}/g, name: "GitHub Refresh Token", severity: "high" },
-  { pattern: /xox[baprs]-[a-zA-Z0-9-]+/g, name: "Slack Token", severity: "high" },
-  { pattern: /eyJ[a-zA-Z0-9_-]*\.eyJ[a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]*/g, name: "JWT Token", severity: "medium" },
-  { pattern: /(password|passwd|pwd)\s*[=:]\s*['"][^'"]+['"]/gi, name: "Password", severity: "high" },
-  { pattern: /(secret|api_key|apikey|access_key)\s*[=:]\s*['"][^'"]+['"]/gi, name: "API Key/Secret", severity: "high" },
-  { pattern: /-----BEGIN (RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----/g, name: "Private Key", severity: "critical" },
-  { pattern: /(token|bearer)\s*[=:]\s*['"][^'"]+['"]/gi, name: "Token", severity: "medium" },
-];
-
-// 禁止的配置字段路径
-const FORBIDDEN_CONFIG_PATHS = [
-  "channels",
-  "gateway",
-  "wizard",
-  "auth",
-  "credentials",
-  "secrets",
-  "tokens",
-];
-
-// 文件扩展名白名单（跳过二进制文件）
-const TEXT_EXTENSIONS = new Set([
-  ".md", ".txt", ".json", ".yaml", ".yml", ".xml", ".html", ".css", ".js", ".ts",
-  ".py", ".sh", ".bash", ".zsh", ".env", ".conf", ".config", ".ini", ".toml",
-]);
-
-/**
- * 检查文件是否为文本文件
- */
-function isTextFile(filename) {
-  const ext = path.extname(filename).toLowerCase();
-  return TEXT_EXTENSIONS.has(ext) || !ext;
-}
-
-/**
- * 扫描文件内容中的敏感信息
- */
-async function scanFileContent(filePath, content) {
-  const findings = [];
-
-  for (const { pattern, name, severity } of SENSITIVE_PATTERNS) {
-    const matches = content.match(pattern);
-    if (matches) {
-      findings.push({
-        file: filePath,
-        type: name,
-        severity,
-        count: matches.length,
-        // 不记录具体值，只记录发现
-      });
-    }
-  }
-
-  return findings;
-}
-
-/**
- * 递归扫描目录
- */
-async function scanDirectory(dirPath, basePath = "") {
-  const findings = [];
-  const entries = await readdir(dirPath, { withFileTypes: true });
-
-  for (const entry of entries) {
-    const relativePath = basePath ? `${basePath}/${entry.name}` : entry.name;
-    const fullPath = path.join(dirPath, entry.name);
-
-    if (entry.isDirectory()) {
-      // 跳过 node_modules 和隐藏目录
-      if (entry.name === "node_modules" || entry.name.startsWith(".")) {
-        continue;
-      }
-      const subFindings = await scanDirectory(fullPath, relativePath);
-      findings.push(...subFindings);
-    } else if (entry.isFile() && isTextFile(entry.name)) {
-      try {
-        const content = await readFile(fullPath, "utf8");
-        const fileFindings = await scanFileContent(relativePath, content);
-        findings.push(...fileFindings);
-      } catch {
-        // 跳过无法读取的文件
-      }
-    }
-  }
-
-  return findings;
-}
-
-/**
- * 检查配置文件中的禁止字段
- */
-function checkForbiddenFields(config, path = "") {
-  const violations = [];
-
-  for (const key of Object.keys(config)) {
-    const currentPath = path ? `${path}.${key}` : key;
-
-    // 检查是否是禁止的路径
-    for (const forbidden of FORBIDDEN_CONFIG_PATHS) {
-      if (currentPath.startsWith(forbidden) || key === forbidden) {
-        violations.push({
-          path: currentPath,
-          reason: `禁止包含 ${forbidden} 配置`,
-        });
-      }
-    }
-
-    // 递归检查嵌套对象
-    if (typeof config[key] === "object" && config[key] !== null) {
-      const nestedViolations = checkForbiddenFields(config[key], currentPath);
-      violations.push(...nestedViolations);
-    }
-  }
-
-  return violations;
-}
-
-/**
- * 扫描 Bundle
- */
-export async function scanBundle(bundleDir) {
-  const result = {
-    warnings: [],
-    errors: [],
-    findings: [],
-    canPublish: true,
-  };
-
-  // 1. 扫描敏感信息
-  const workspacePath = path.join(bundleDir, "WORKSPACE");
-  try {
-    const contentFindings = await scanDirectory(workspacePath, "WORKSPACE");
-    result.findings.push(...contentFindings);
-
-    for (const finding of contentFindings) {
-      const severityIcon = finding.severity === "critical" ? "🔴" : finding.severity === "high" ? "🟠" : "🟡";
-      result.warnings.push(`${severityIcon} ${finding.file}: 发现 ${finding.type} (${finding.count} 处)`);
-
-      if (finding.severity === "critical" || finding.severity === "high") {
-        result.canPublish = false;
-      }
-    }
-  } catch {
-    // WORKSPACE 目录不存在
-  }
-
-  // 2. 检查私有记忆
-  const manifestPath = path.join(bundleDir, "MANIFEST.json");
-  try {
-    const manifest = JSON.parse(await readFile(manifestPath, "utf8"));
-
-    if (manifest.includes?.memory?.private > 0) {
-      result.errors.push("检测到私有记忆 (memory/private)，禁止公开发布");
-      result.canPublish = false;
-    }
-
-    // 3. 检查配置文件
-    const configPath = path.join(bundleDir, "OPENCLAW.template.json");
-    try {
-      const config = JSON.parse(await readFile(configPath, "utf8"));
-      const violations = checkForbiddenFields(config);
-
-      for (const violation of violations) {
-        result.warnings.push(`⚠️ OPENCLAW.template.json: ${violation.reason} (${violation.path})`);
-      }
-
-      if (violations.length > 0) {
-        result.canPublish = false;
-      }
-    } catch {
-      // 配置文件不存在
-    }
-  } catch {
-    // MANIFEST 不存在
-  }
-
-  return result;
-}
-
-/**
- * 扫描工作区（打包前预扫描）
- */
-export async function scanWorkspace(workspacePath) {
-  const result = {
-    warnings: [],
-    errors: [],
-    findings: [],
-    canPublish: true,
-  };
-
-  // 扫描敏感信息
-  const contentFindings = await scanDirectory(workspacePath);
-  result.findings.push(...contentFindings);
-
-  for (const finding of contentFindings) {
-    const severityIcon = finding.severity === "critical" ? "🔴" : finding.severity === "high" ? "🟠" : "🟡";
-    result.warnings.push(`${severityIcon} ${finding.file}: 发现 ${finding.type}`);
-  }
-
-  // 检查私有记忆
-  const privateMemoryPath = path.join(workspacePath, "memory", "private");
-  try {
-    const stat_ = await stat(privateMemoryPath);
-    if (stat_.isDirectory()) {
-      const files = await readdir(privateMemoryPath);
-      if (files.length > 0) {
-        result.warnings.push("🚫 检测到 memory/private/ 目录，包含私有记忆");
-        result.warnings.push("   公开发布时将被阻止，建议将私有记忆移出工作区");
-      }
-    }
-  } catch {
-    // 目录不存在，正常
-  }
-
-  return result;
-}
+/**
+ * Security Scanner
+ * 安全扫描模块
+ *
+ * 根据 PRD v1.1 安全规范实现
+ */
+
+import { readdir, readFile, stat } from "node:fs/promises";
+import path from "node:path";
+
+// 敏感信息模式
+const SENSITIVE_PATTERNS = [
+  { pattern: /sk-[a-zA-Z0-9]{20,}/g, name: "OpenAI API Key", severity: "high" },
+  { pattern: /ghp_[a-zA-Z0-9]{36}/g, name: "GitHub Personal Token", severity: "high" },
+  { pattern: /gho_[a-zA-Z0-9]{36}/g, name: "GitHub OAuth Token", severity: "high" },
+  { pattern: /ghu_[a-zA-Z0-9]{36}/g, name: "GitHub User Token", severity: "high" },
+  { pattern: /ghs_[a-zA-Z0-9]{36}/g, name: "GitHub Server Token", severity: "high" },
+  { pattern: /ghr_[a-zA-Z0-9]{36}/g, name: "GitHub Refresh Token", severity: "high" },
+  { pattern: /xox[baprs]-[a-zA-Z0-9-]+/g, name: "Slack Token", severity: "high" },
+  { pattern: /eyJ[a-zA-Z0-9_-]*\.eyJ[a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]*/g, name: "JWT Token", severity: "medium" },
+  { pattern: /(password|passwd|pwd)\s*[=:]\s*['"][^'"]+['"]/gi, name: "Password", severity: "high" },
+  { pattern: /(secret|api_key|apikey|access_key)\s*[=:]\s*['"][^'"]+['"]/gi, name: "API Key/Secret", severity: "high" },
+  { pattern: /-----BEGIN (RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----/g, name: "Private Key", severity: "critical" },
+  { pattern: /(token|bearer)\s*[=:]\s*['"][^'"]+['"]/gi, name: "Token", severity: "medium" },
+];
+
+// 禁止的配置字段路径
+const FORBIDDEN_CONFIG_PATHS = [
+  "channels",
+  "gateway",
+  "wizard",
+  "auth",
+  "credentials",
+  "secrets",
+  "tokens",
+];
+
+// 文件扩展名白名单（跳过二进制文件）
+const TEXT_EXTENSIONS = new Set([
+  ".md", ".txt", ".json", ".yaml", ".yml", ".xml", ".html", ".css", ".js", ".ts",
+  ".py", ".sh", ".bash", ".zsh", ".env", ".conf", ".config", ".ini", ".toml",
+]);
+
+/**
+ * 检查文件是否为文本文件
+ */
+function isTextFile(filename) {
+  const ext = path.extname(filename).toLowerCase();
+  return TEXT_EXTENSIONS.has(ext) || !ext;
+}
+
+/**
+ * 扫描文件内容中的敏感信息
+ */
+async function scanFileContent(filePath, content) {
+  const findings = [];
+
+  for (const { pattern, name, severity } of SENSITIVE_PATTERNS) {
+    const matches = content.match(pattern);
+    if (matches) {
+      findings.push({
+        file: filePath,
+        type: name,
+        severity,
+        count: matches.length,
+        // 不记录具体值，只记录发现
+      });
+    }
+  }
+
+  return findings;
+}
+
+/**
+ * 递归扫描目录
+ */
+async function scanDirectory(dirPath, basePath = "") {
+  const findings = [];
+  const entries = await readdir(dirPath, { withFileTypes: true });
+
+  for (const entry of entries) {
+    const relativePath = basePath ? `${basePath}/${entry.name}` : entry.name;
+    const fullPath = path.join(dirPath, entry.name);
+
+    if (entry.isDirectory()) {
+      // 跳过 node_modules 和隐藏目录
+      if (entry.name === "node_modules" || entry.name.startsWith(".")) {
+        continue;
+      }
+      const subFindings = await scanDirectory(fullPath, relativePath);
+      findings.push(...subFindings);
+    } else if (entry.isFile() && isTextFile(entry.name)) {
+      try {
+        const content = await readFile(fullPath, "utf8");
+        const fileFindings = await scanFileContent(relativePath, content);
+        findings.push(...fileFindings);
+      } catch {
+        // 跳过无法读取的文件
+      }
+    }
+  }
+
+  return findings;
+}
+
+/**
+ * 检查配置文件中的禁止字段
+ */
+function checkForbiddenFields(config, path = "") {
+  const violations = [];
+
+  for (const key of Object.keys(config)) {
+    const currentPath = path ? `${path}.${key}` : key;
+
+    // 检查是否是禁止的路径
+    for (const forbidden of FORBIDDEN_CONFIG_PATHS) {
+      if (currentPath.startsWith(forbidden) || key === forbidden) {
+        violations.push({
+          path: currentPath,
+          reason: `禁止包含 ${forbidden} 配置`,
+        });
+      }
+    }
+
+    // 递归检查嵌套对象
+    if (typeof config[key] === "object" && config[key] !== null) {
+      const nestedViolations = checkForbiddenFields(config[key], currentPath);
+      violations.push(...nestedViolations);
+    }
+  }
+
+  return violations;
+}
+
+/**
+ * 扫描 Bundle
+ */
+export async function scanBundle(bundleDir) {
+  const result = {
+    warnings: [],
+    errors: [],
+    findings: [],
+    canPublish: true,
+  };
+
+  // 1. 扫描敏感信息
+  const workspacePath = path.join(bundleDir, "WORKSPACE");
+  try {
+    const contentFindings = await scanDirectory(workspacePath, "WORKSPACE");
+    result.findings.push(...contentFindings);
+
+    for (const finding of contentFindings) {
+      const severityIcon = finding.severity === "critical" ? "🔴" : finding.severity === "high" ? "🟠" : "🟡";
+      result.warnings.push(`${severityIcon} ${finding.file}: 发现 ${finding.type} (${finding.count} 处)`);
+
+      if (finding.severity === "critical" || finding.severity === "high") {
+        result.canPublish = false;
+      }
+    }
+  } catch {
+    // WORKSPACE 目录不存在
+  }
+
+  // 2. 检查私有记忆
+  const manifestPath = path.join(bundleDir, "MANIFEST.json");
+  try {
+    const manifest = JSON.parse(await readFile(manifestPath, "utf8"));
+
+    if (manifest.includes?.memory?.private > 0) {
+      result.errors.push("检测到私有记忆 (memory/private)，禁止公开发布");
+      result.canPublish = false;
+    }
+
+    // 3. 检查配置文件
+    const configPath = path.join(bundleDir, "OPENCLAW.template.json");
+    try {
+      const config = JSON.parse(await readFile(configPath, "utf8"));
+      const violations = checkForbiddenFields(config);
+
+      for (const violation of violations) {
+        result.warnings.push(`⚠️ OPENCLAW.template.json: ${violation.reason} (${violation.path})`);
+      }
+
+      if (violations.length > 0) {
+        result.canPublish = false;
+      }
+    } catch {
+      // 配置文件不存在
+    }
+  } catch {
+    // MANIFEST 不存在
+  }
+
+  return result;
+}
+
+/**
+ * 扫描工作区（打包前预扫描）
+ */
+export async function scanWorkspace(workspacePath) {
+  const result = {
+    warnings: [],
+    errors: [],
+    findings: [],
+    canPublish: true,
+  };
+
+  // 扫描敏感信息
+  const contentFindings = await scanDirectory(workspacePath);
+  result.findings.push(...contentFindings);
+
+  for (const finding of contentFindings) {
+    const severityIcon = finding.severity === "critical" ? "🔴" : finding.severity === "high" ? "🟠" : "🟡";
+    result.warnings.push(`${severityIcon} ${finding.file}: 发现 ${finding.type}`);
+  }
+
+  // 检查私有记忆
+  const privateMemoryPath = path.join(workspacePath, "memory", "private");
+  try {
+    const stat_ = await stat(privateMemoryPath);
+    if (stat_.isDirectory()) {
+      const files = await readdir(privateMemoryPath);
+      if (files.length > 0) {
+        result.warnings.push("🚫 检测到 memory/private/ 目录，包含私有记忆");
+        result.warnings.push("   公开发布时将被阻止，建议将私有记忆移出工作区");
+      }
+    }
+  } catch {
+    // 目录不存在，正常
+  }
+
+  return result;
+}

package/src/lib/signing.js

@@ -0,0 +1,158 @@
+/**
+ * Signing Module
+ * Bundle 签名与完整性校验 — AgentHub 信任链核心
+ *
+ * 职责:
+ * 1. 为 Bundle 生成 SHA-256 校验和
+ * 2. 使用 HMAC 签名
+ * 3. 安装前验证签名完整性
+ */
+
+import { createHash, createHmac } from "node:crypto";
+import { readFile, readdir, stat } from "node:fs/promises";
+import path from "node:path";
+import { pathExists, writeJson, readJson } from "./fs-utils.js";
+
+const SIGNATURE_FILE = "SIGNATURE.json";
+const HASH_ALGORITHM = "sha256";
+
+/**
+ * 计算文件的 SHA-256 哈希
+ */
+async function hashFile(filePath) {
+  const content = await readFile(filePath);
+  return createHash(HASH_ALGORITHM).update(content).digest("hex");
+}
+
+/**
+ * 递归收集目录中所有文件的哈希
+ */
+async function collectChecksums(dirPath, basePath = "") {
+  const checksums = {};
+  const entries = await readdir(dirPath, { withFileTypes: true });
+
+  for (const entry of entries) {
+    const fullPath = path.join(dirPath, entry.name);
+    const relativePath = basePath ? `${basePath}/${entry.name}` : entry.name;
+
+    // 跳过签名文件本身
+    if (!basePath && entry.name === SIGNATURE_FILE) continue;
+
+    if (entry.isDirectory()) {
+      const subChecksums = await collectChecksums(fullPath, relativePath);
+      Object.assign(checksums, subChecksums);
+    } else if (entry.isFile()) {
+      checksums[relativePath] = `${HASH_ALGORITHM}:${await hashFile(fullPath)}`;
+    }
+  }
+
+  return checksums;
+}
+
+/**
+ * 为 Bundle 生成签名
+ *
+ * @param {string} bundleDir - Bundle 目录路径
+ * @param {object} options
+ * @param {string} options.signer - 签名者标识（用户名或邮箱）
+ * @param {string} [options.secret] - HMAC 密钥
+ * @returns {Promise<object>} 签名信息
+ */
+export async function signBundle(bundleDir, options = {}) {
+  const { signer = "anonymous", secret = "agenthub-default-secret" } = options;
+
+  // 1. 收集所有文件的校验和
+  const checksums = await collectChecksums(bundleDir);
+
+  // 2. 将校验和排序后计算总哈希（确保顺序一致性）
+  const sortedKeys = Object.keys(checksums).sort();
+  const checksumString = sortedKeys.map((k) => `${k}:${checksums[k]}`).join("\n");
+  const contentHash = createHash(HASH_ALGORITHM).update(checksumString).digest("hex");
+
+  // 3. 使用 HMAC 签名
+  const signature = createHmac(HASH_ALGORITHM, secret).update(contentHash).digest("hex");
+
+  const signatureData = {
+    algorithm: HASH_ALGORITHM,
+    signer,
+    timestamp: new Date().toISOString(),
+    contentHash,
+    signature: `hmac-${HASH_ALGORITHM}:${signature}`,
+    checksums,
+    fileCount: sortedKeys.length,
+  };
+
+  // 4. 写入签名文件
+  await writeJson(path.join(bundleDir, SIGNATURE_FILE), signatureData);
+
+  return signatureData;
+}
+
+/**
+ * 验证 Bundle 签名
+ *
+ * @param {string} bundleDir - Bundle 目录路径
+ * @param {object} [options]
+ * @param {string} [options.secret] - HMAC 密钥
+ * @returns {Promise<{valid: boolean, reason?: string, details?: object}>}
+ */
+export async function verifyBundleSignature(bundleDir, options = {}) {
+  const { secret = "agenthub-default-secret" } = options;
+  const sigPath = path.join(bundleDir, SIGNATURE_FILE);
+
+  // 1. 检查签名文件是否存在
+  if (!(await pathExists(sigPath))) {
+    return { valid: false, reason: "No signature file found", unsigned: true };
+  }
+
+  const signatureData = await readJson(sigPath);
+
+  // 2. 重新收集校验和
+  const currentChecksums = await collectChecksums(bundleDir);
+
+  // 3. 比对文件列表
+  const signedFiles = Object.keys(signatureData.checksums).sort();
+  const currentFiles = Object.keys(currentChecksums).sort();
+
+  const addedFiles = currentFiles.filter((f) => !signedFiles.includes(f));
+  const removedFiles = signedFiles.filter((f) => !currentFiles.includes(f));
+  const modifiedFiles = signedFiles.filter(
+    (f) => currentChecksums[f] && currentChecksums[f] !== signatureData.checksums[f]
+  );
+
+  if (addedFiles.length > 0 || removedFiles.length > 0 || modifiedFiles.length > 0) {
+    return {
+      valid: false,
+      reason: "Bundle content has been tampered with",
+      details: {
+        addedFiles,
+        removedFiles,
+        modifiedFiles,
+      },
+    };
+  }
+
+  // 4. 验证 HMAC 签名
+  const sortedKeys = Object.keys(currentChecksums).sort();
+  const checksumString = sortedKeys.map((k) => `${k}:${currentChecksums[k]}`).join("\n");
+  const contentHash = createHash(HASH_ALGORITHM).update(checksumString).digest("hex");
+  const expectedSig = `hmac-${HASH_ALGORITHM}:${createHmac(HASH_ALGORITHM, secret).update(contentHash).digest("hex")}`;
+
+  if (expectedSig !== signatureData.signature) {
+    return { valid: false, reason: "Signature verification failed" };
+  }
+
+  return {
+    valid: true,
+    signer: signatureData.signer,
+    timestamp: signatureData.timestamp,
+    fileCount: signatureData.fileCount,
+  };
+}
+
+/**
+ * 快速检查 Bundle 是否已签名
+ */
+export async function isSigned(bundleDir) {
+  return pathExists(path.join(bundleDir, SIGNATURE_FILE));
+}